Re: Re[2]: W2k: Unkillable Applications

From: Bronek Kozicki (brok_at_rubikon.pl)
Date: 07/18/01


> It appears that the Processes tab is doing a simple filename-based
> search, and the Applications tab isn't doing any search at all.
> (After all, the 'critical system processes' like Winlogon would never
> show up in the Applications tab in the first place, since they don't
> have top-level windows associated with them.)

Little mistake here. Winlogon _has_ a top-level window, it's just invisible.
You may make it easily visible with tools like showin.exe (you will find
more such windows, most are in the Explorer process). See the Microsoft 01-007
security bulletin for how this can be exploited.

> At the very, very least, the Task Manager should be making this check
> based on the full pathname of the process, not just the filename; an
> application running in C:\TEMP is highly unlikely to be a critical
> system process...

Agree.

regards

B.
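
The full-pathname check proposed in the thread, set beside the filename-only check it criticises, as an added example that is not part of the original message or of Task Manager's code. The system root `C:\WINNT`, the list of protected names (only Winlogon is named in the thread) and all sample paths are assumptions constructed for illustration.

```python
import ntpath

# Assumed for illustration; a real check would ask the OS for the system directory.
SYSTEM_ROOT = r"C:\WINNT"
SYSTEM_DIR = ntpath.normcase(ntpath.join(SYSTEM_ROOT, "system32"))
# Illustrative list; the thread itself only names Winlogon.
CRITICAL_NAMES = {"winlogon.exe", "csrss.exe", "smss.exe", "services.exe", "lsass.exe"}


def canonical(image_path):
    """Normalise an image path: NT prefixes, slash direction, '..' and case."""
    p = image_path.replace("/", "\\")
    if p.startswith("\\??\\"):                      # NT object-manager prefix
        p = p[4:]
    if p.lower().startswith("\\systemroot\\"):      # symbolic system root
        p = SYSTEM_ROOT + p[len("\\systemroot"):]
    return ntpath.normcase(ntpath.normpath(p))


def critical_by_name(image_path):
    """Filename-only check: any file with a protected name passes."""
    name = ntpath.basename(image_path.replace("/", "\\"))
    return name.lower() in CRITICAL_NAMES


def critical_by_path(image_path):
    """Full-path check: protected name AND located directly in system32."""
    directory, name = ntpath.split(canonical(image_path))
    return name in CRITICAL_NAMES and directory == SYSTEM_DIR


# Constructed sample image paths.
SAMPLES = [
    r"C:\WINNT\system32\winlogon.exe",
    r"\??\C:\WINNT\System32\winlogon.exe",
    r"\SystemRoot\System32\smss.exe",
    r"C:\TEMP\winlogon.exe",
    r"C:\WINNT\system32\..\..\TEMP\WINLOGON.EXE",
    r"C:\WINNT\system32\sub\lsass.exe",
]


def compare(paths):
    """Return (path, name_check, path_check) for each sample."""
    return [(p, critical_by_name(p), critical_by_path(p)) for p in paths]


if __name__ == "__main__":
    for path, by_name, by_path in compare(SAMPLES):
        print(f"{path:45} name-only={by_name!s:5} full-path={by_path}")
```

The last three samples pass the filename-only check and fail the full-path check, which is the case the quoted poster describes.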